Intelligence Center » Browse All Vulnerabilities » CVE-2006-3493
Overview |
|
| Vulnerability Score |  5.1 |
| CVE Id | CVE-2006-3493 |
| Last Modified | 07 Mar 2011 09:38:45 |
| Published | 10 Jul 2006 06:05:00 |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Access Vector | NETWORK |
| Access Complexity | HIGH |
| Authentication | NONE |
CVE-2006-3493
Summary
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
Vulnerable Systems
Application
Microsoft Office 2000
Microsoft Office 2003
Microsoft Office Xp
References
XF - office-lscreateline-dos(27617)
VUPEN - ADV-2006-2720
BID - 18905
BUGTRAQ - 20060711 Fuzzing Microsoft Office
BUGTRAQ - 20060710 MS Word Unchecked Boundary Condition Vulnerability
SECTRACK - 1016453
FULLDISC - 20060707 MS Word Unchecked Boundary Condition
MISC - http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx
FULLDISC - 20060707 MS Word Unchecked Boundary Condition Vulnerability - POC
IT Risk Posture:
Free Risk Assessment Tools
Application Scanner
Find vulnerabilities on your network.
Device Scanner
Find vulnerabilities on your network.
Patch Scanner
Find vulnerabilities on your network.
Last Updated: 27 May 2016 10:44:52
